As with the above comments your thesis needs to be much more clearly defined, with a clear set of objectives and for an intended audience. You should significantly reduce the range of topics you are considering. The Cloud is a massive subject without getting into a discussion of the Windows registry.

You might consider a more targetted approach and one of the starting points might be looking at the legislation around cloud data being collected by law enforcement agencies in the country in which you reside/study, or it could be a number of other counties. From there you could look at the quantities of data in the various cloud services that would not be found on a suspect's devices. Establishing a determination as to whether a crime is being adequatately investigated if no cloud data is being collected.

There are options of how cloud data should be collected and by whom. How do these people become trained and qualified to collect this data and what tools, processes, contemp notes should exist. How many people would be needed and where would they fit into the law enforcement agencies. Should they be a separate technical entity apart from the investigations team or part of it. How would they verify they are accessing the correct accounts, i.e. what level of checks and balances need to be in place.

You could look at the traditional digital forensic examination process and determine the artefacts that would demonstrate the use of cloud services. You could establish a list of clear indicators that data is being manually synchronised with a cloud service versus automatically sychronised. You could determine user settings and preferences and perhaps the evidence that synchronisation services had been turned on or off and when. Such artefacts might well exist and you could identify these and publish your findings. Extensive test sets would be needed and youd have to limit the number of cloud services and device types in your study.

Any one of those three suggestions is plenty for a Master's. You wouldn't need to be doing all three. With each of the three above there are plenty of further questions I could have added.

I'm not sure your planned approach of creating a simulated cloud service will provide much real-world relevance. I think you would be better placed looking at actual cloud services in use. This would particularly be the case with mobile devices where the cloud access is linked to the services' own installed app.

This has the potential to be a very interesting topic for the community. Done well it would be a positive contribution to the community if you were to share it once completed. In some countries law enforcement agencies are starting to collect cloud data on a more routine basis but others are not. It's early days for cloud forensics.

I'm guessing fom your posts English is not your first language. If that is the case I hope the advice being given makes sense.

Steve

Yes, i'm italian.
I know that the cloud is different from the virtual machine and that it doesn't make sense. Unfortunately I can't simulate in a real cloud environment.

Mine is not a research thesis, but a normal thesis.

What is your advice?
Examine the artifacts of various cloud services? (dropbox, drive, etc.)?

1) What is the time frame you have to complete the work and thesis?
2) What research have you carried out to-date on this subject?
3) Have you read papers by others that focussed their thesis on forensics and the cloud?

I have a large library on cloud forensics. The type of research mentioned at 2/3 (above) that I am referring, is as follows. The list below is a small sample I compiled from my library based upon the description of the MSc thesis that you gave: